Skip to main content
CVE-2026-32122 MEDIUM This Month

OpenEMR versions prior to 8.0.0.1 fail to properly enforce access controls on the Claim File Tracker AJAX endpoint, allowing authenticated users without billing permissions to retrieve sensitive claim metadata including claim IDs, payer information, and transmission logs. An authenticated attacker with minimal privileges can access confidential billing information that should be restricted to authorized billing staff. No patch is currently available for affected installations.

Authentication Bypass Openemr
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3906 MEDIUM This Month

Authenticated WordPress users with Subscriber-level privileges can create editorial notes on any post via the REST API in versions 6.9-6.9.1, bypassing permission checks that should restrict note creation to authorized editors. This allows attackers to annotate private posts, posts by other authors, and unpublished content without proper authorization. No patch is currently available for this Medium severity vulnerability.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3941 MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability (CVSS 4.3).

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3903 MEDIUM This Month

The Modular DS WordPress plugin through version 2.5.1 lacks CSRF protections on its OAuth disconnection function, allowing unauthenticated attackers to sever the plugin's SSO connection by tricking administrators into clicking a malicious link. This vulnerability affects all website administrators using the plugin and could disrupt authentication mechanisms if exploited. No patch is currently available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12555 MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 versions up to 18.7.6 is affected by incorrect authorization (CVSS 4.3).

Gitlab Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0602 MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 versions up to 18.7.6 contains a security vulnerability (CVSS 4.3).

Gitlab Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1663 MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 versions up to 18.7.6 is affected by missing authorization (CVSS 4.3).

Gitlab Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3928 MEDIUM PATCH This Month

Insufficient policy enforcement in Extensions in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3429 MEDIUM PATCH This Month

Keycloak's Account REST API improperly validates session assurance levels, enabling authenticated attackers with a victim's password to remove MFA/OTP credentials without re-authentication and subsequently register their own authenticator. This allows complete account takeover by bypassing the intended multi-factor authentication protections. The vulnerability affects users relying on MFA as a security control and currently has no available patch.

Authentication Bypass Red Hat
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-1230 MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 versions up to 18.7.6 is affected by use of incorrectly-resolved name or reference (CVSS 4.1).

Gitlab Information Disclosure
NVD VulDB
CVSS 3.1
4.1
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy